|Publication number||US7596607 B2|
|Application number||US 12/163,873|
|Publication date||Sep 29, 2009|
|Filing date||Jun 27, 2008|
|Priority date||May 22, 2003|
|Also published as||US7454467, US20040258044, US20080256212|
|Publication number||12163873, 163873, US 7596607 B2, US 7596607B2, US-B2-7596607, US7596607 B2, US7596607B2|
|Inventors||Janice Marie Girouard, Emily Jane Ratliff|
|Original Assignee||International Business Machines Corporation|
|Export Citation||BiBTeX, EndNote, RefMan|
|Patent Citations (22), Classifications (8), Legal Events (4)|
|External Links: USPTO, USPTO Assignment, Espacenet|
1. Technical Field
The present invention relates generally to an improved data processing system and in particular to a method and apparatus for managing data in a data processing system. Still more particularly, the present invention relates to a method, apparatus, and computer instructions for managing email messages.
2. Description of Related Art
The Internet, also referred to as an “internetwork”, is a set of computer networks, possibly dissimilar, joined together by means of gateways that handle data transfer and the conversion of messages from a protocol of the sending network to a protocol used by the receiving network. When capitalized, the term “Internet” refers to the collection of networks and gateways that use the TCP/IP suite of protocols.
The Internet has become a cultural fixture as a source of both information and entertainment. Many businesses are creating Internet sites as an integral part of their marketing efforts, informing consumers of the products or services offered by the business or providing other information seeking to engender brand loyalty. Many federal, state, and local government agencies are also employing Internet sites for informational purposes, particularly agencies which must interact with virtually all segments of society such as the Internal Revenue Service and secretaries of state. Providing informational guides and/or searchable databases of online public records may reduce operating costs. Further, the Internet is becoming increasingly popular as a medium for commercial transactions.
Currently, the most commonly employed method of transferring data over the Internet is to employ the World Wide Web environment, also called simply “the Web”. Other Internet resources exist for transferring information, such as File Transfer Protocol (FTP) and Gopher, but have not achieved the popularity of the Web. In the Web environment, servers and clients effect data transaction using the Hypertext Transfer Protocol (HTTP), a known protocol for handling the transfer of various data files (e.g., text, still graphic images, audio, motion video, etc.). The information in various data files is formatted for presentation to a user by a standard page description language, the Hypertext Markup Language (HTML). In addition to basic presentation formatting, HTML allows developers to specify “links” to other Web resources identified by a Uniform Resource Locator (URL). A URL is a special syntax identifier defining a communications path to specific information. Each logical block of information accessible to a client, called a “page” or a “Web page”, is identified by a URL. The URL provides a universal, consistent method for finding and accessing this information, not necessarily for the user, but mostly for the user's Web “browser”. A browser is a program capable of submitting a request for information identified by an identifier, such as, for example, a URL. A user may enter a domain name through a graphical user interface (GUI) for the browser to access a source of content. The domain name is automatically converted to the Internet Protocol (IP) address by a domain name system (DNS), which is a service that translates the symbolic name entered by the user into an IP address by looking up the domain name in a database.
The Internet also is widely used to transfer applications to users using browsers. With respect to commerce on the Web, individual consumers and business use the Web to purchase various goods and services. In offering goods and services, some companies offer goods and services solely on the Web while others use the Web to extend their reach.
A widespread use of the Web is in the area of communications. Electronic messages, also referred to as “email” messages, are a widespread form of communication that has quickly overtaken the “written” letter. As with physical mail, users often receive junk mail or “spam”, which has been sent unsolicited. With spam, a user has a choice of different mechanisms to deal with the unsolicited email. A user may manually delete the unwanted messages.
Alternatively, the user may use a filter to block email messages from unwanted sources. These filters require the user to add email addresses to a list that is used to filter out unwanted messages. The drawback of this type system is that a user is required to maintain the list. System level filtering is available from Internet service providers (ISPs). These providers generate black lists of know sources of spam, and block the delivery of email messages from those sources. One problem with system level filtering is that it is sometimes hard to distinguish between legitimate commercial email messages and spam. These systems block all email messages, including legitimate ones in additions to the spam.
Therefore, it would be advantageous to have an improved method, apparatus, and computer instructions for managing unsolicited email messages.
The present invention provides a method, apparatus, and computer instructions for managing email messages. Outgoing packets are monitored. The outgoing packets are parsed for outgoing email messages. An identification of recipients in packets for outgoing email messages is made. A list of email addresses is updated with email addresses for the identified recipients, wherein the list of email addresses is used to accept incoming email messages. The outgoing packets also are parsed to identify Web traffic containing a user email address. A domain name of the destination is identified for Web traffic containing the user email address. The list of email messages is updated with this domain name. Incoming email messages are screened to see if the domain name is present in the email address of the sender in determining whether to accepted the email messages.
The novel features believed characteristic of the invention are set forth in the appended claims. The invention itself, however, as well as a preferred mode of use, further objectives and advantages thereof, will best be understood by reference to the following detailed description of an illustrative embodiment when read in conjunction with the accompanying drawings, wherein:
With reference now to the figures,
In the depicted example, server 104 is connected to network 102 along with storage unit 106. In this example, storage unit 106 is connected to server 102. In addition, clients 108, 110, and 112 are connected to network 102. These clients 108, 110, and 112 may be, for example, personal computers or network computers. In the depicted example, server 104 may provide data, such as boot files, operating system images, and applications to clients 108-112. Clients 108, 110, and 112 are clients to server 104. Server 104 may act as an Internet service provider and/or email message provider to the clients in these examples.
Network data processing system 100 may include additional servers, clients, and other devices not shown. In the depicted example, network data processing system 100 is the Internet with network 102 representing a worldwide collection of networks and gateways that use the Transmission Control Protocol/Internet Protocol (TCP/IP) suite of protocols to communicate with one another. At the heart of the Internet is a backbone of high-speed data communication lines between major nodes or host computers, consisting of thousands of commercial, government, educational and other computer systems that route data and messages. Of course, network data processing system 100 also may be implemented as a number of different types of networks, such as for example, an intranet, a local area network (LAN), or a wide area network (WAN).
Peripheral component interconnect (PCI) bus bridge 214 connected to I/O bus 212 provides an interface to PCI local bus 216. A number of modems may be connected to PCI local bus 216. Typical PCI bus implementations will support four PCI expansion slots or add-in connectors. Communications links to clients 108-112 in
Additional PCI bus bridges 222 and 224 provide interfaces for additional PCI local buses 226 and 228, from which additional modems or network adapters may be supported. In this manner, data processing system 200 allows connections to multiple network computers. A memory-mapped graphics adapter 230 and hard disk 232 may also be connected to I/O bus 212 as depicted, either directly or indirectly.
Those of ordinary skill in the art will appreciate that the hardware depicted in
The data processing system depicted in
With reference now to
An operating system runs on processor 302 and is used to coordinate and provide control of various components within data processing system 300 in
Those of ordinary skill in the art will appreciate that the hardware in
As another example, data processing system 300 may be a stand-alone system configured to be bootable without relying on some type of network communication interfaces. As a further example, data processing system 300 may be a personal digital assistant (PDA) device, which is configured with ROM and/or flash ROM in order to provide non-volatile memory for storing operating system files and/or user-generated data.
The depicted example in
The present invention provides an improved method, apparatus, and computer instructions for managing email messages. The mechanism of the present invention provides for automatic maintenance of filters used in filtering out unsolicited email messages. Outgoing connections are monitored for email traffic and web traffic. Email traffic is monitored to identify recipients of email generated by the user. The email addresses of these recipients are added to a list of addresses also referred to as a white list.
Additionally, Web traffic is also monitored for the user's email address within documents being sent to Web servers. An email address for the Web server is identified when the user's email address is found in a document, such as a registration form being sent to the Web server, the domain name, such as “ibm.com”, for the Web server also is added to the white list. The domain name for the Web server is also referred to as a source domain name.
This white list is then used to determine which incoming email is to be forwarded to the user and to determine which ones are to be discarded or placed into a folder for review. This folder may be, for example, a junk folder, or a deleted folder.
Turning now to
In this example, firewall 404 is implemented to manage email received by client application 400. White list 406 is used to determine email messages that are to be received by client application 400 from ISP 402. White list 406 is a list of email addresses from sources that may be forwarded onto client application 400. When firewall 404 receives email messages destined for client application 400, the sender or “from” address is checked to determine whether the email address or the domain name in the sender's email address is found on white list 406. If the email address for the sender is present on white list 406, the email message is then sent on to client application 400. Otherwise, the email message is discarded or placed in some other folder for review. This other folder may be a junk mail or spam folder that is emptied on some periodic basis without requiring user intervention.
Firewall 404 monitors all outgoing traffic from a client computer. For example, all email traffic sent out by client application 400 is monitored by firewall 404. In addition, outgoing traffic from client browser 408 also is monitored from firewall 404. Specifically, firewall 404 monitors outgoing packets from the client computer.
With respect to outgoing email generated by client application 400, firewall 404 looks for connections to email servers. For example, firewall 404 looks for connections to servers using a simple mail transfer protocol (SMTP), post office protocol (POP), and Internet message access protocol (IMAP). STMP uses port 25, POP uses port 10, and IMAP uses port 143. When outgoing traffic, such as traffic to these ports, is detected, firewall 404 parses the outgoing data stream for this traffic, looking for outgoing mail. Email addresses for recipients, such as those in “TO:”, “CC:”, and “BCC:” are identified. These recipients are added to white list 406.
Additionally, firewall 404 monitors outgoing traffic generated by client browser 408. Connections, such as those to Web servers are identified. For example, a connection to port 80 causes firewall 404 to parse the outgoing data stream looking for instances of the user's email address. The user's email address may be found in forms filled in by user, such as POST or GET based forms. When such instances of the user's email address are found in the outgoing traffic, the domain of the Web server receiving the information is added to the list of email domains. Additionally, the user also may directly edit white list 406 to add or remove email addresses or domain names.
In these examples, firewall 404 implements the processes of the present invention. Firewall 404 may be implemented in various places depending on the particular implementation. For example, firewall 404 may be on the same client computer as the application 400 and client browser 408. Alternatively, firewall 404 may be located on computers for ISP 402 or on some data processing system. The process of the present invention could also be implemented within client application 400 to monitor outgoing traffic from the client computer. In such a case, a white list may be implemented within filters 408 in client applications 400. If the mechanism of the present invention is located at ISP 402, then a white list may be implemented within filters 410.
Turning now to
The process begins by identifying the user's email address (step 500). This address may be retrieved from a configuration file. Alternatively, a user may be prompted to enter the current email address. An existing white list is parsed for use in filtering email messages (step 502). As described above, this list includes email addresses and domain names. Thereafter, network monitoring is enabled (step 504), with the process terminating thereafter.
Turning now to
The process begins by detecting an outgoing packet (step 600). A determination is made as to whether the outgoing packet is outgoing email traffic to an email server (step 602). In these examples, the process looks for connections to email servers. If the outgoing packet is not directed to an email server, a determination is made as to whether the outgoing packet is directed to a Web server (step 604). Step 604 involves determining whether a connection to a Web server has been made, such as a connection to port 80.
In these examples, the outgoing traffic is shown only with respect to email servers and web servers. The mechanism of the present invention may be applied to all outgoing traffic. Other types of traffic may be identified depending on the connection type being made. Alternatively, all outgoing packets may be monitored for information, such as the user's email address.
If the outgoing packet is to a Web server, a search is made for a user's email address (step 606). A determination is then made as to whether the user's email address is found in the packet (step 608). If the user's email address is present in the packet, a domain name is identified for the web server (step 610). Then, a determination is made as to whether the domain name is present in the white list (step 612). If the domain name is not present in the white list, the domain name is added to the white list (step 614), with the process returning to step 600 as described above.
With reference again to step 612, if the domain name is present in the white list, the step also returns to step 600. Similarly, the process returns to step 600 if the user's email address is not found in step 608. With reference again to step 604, if the packet is not directed to a Web server, the process also returns to step 600.
With reference back to step 602, if the outgoing packet is part of an email to an email server, address fields are searched to identify email addresses for recipients (step 616). The white list is updated to add any new email addresses (step 618), with the process returning to step 600 as described above.
The process begins by detecting an incoming packet (step 700). Thereafter, a determination is made as to whether the incoming packet is part of an email message to the user (step 702). If the packet is for an email message to the user, then the sender's email address is identified. A determination is made as to whether the sender's email address is on the white list (step 706). If the sender's email address is not on the white list, the packet is discarded (step 708), with the process then returning to step 700 as described above.
With reference again to step 706, if the sender's email address is on the white list, the packet is then sent to the client application (step 710), with the process then returning to step 700 as described above. Turning back to step 702, if the incoming packet is not for an email message for the user, the process returns to step 700.
Thus, the present invention provides a method, apparatus, and computer instructions for managing email traffic. The mechanism of the present invention monitors outgoing packets and parses the data stream for outgoing email messages. When outgoing email messages are found, the recipients of the messages are used to update a white list. In other words, if the email address for the recipient is not found in the white list, the address is then added to the white list. If the email address already is found in the white list, no change is made in updating the white list. Further, other traffic, such as Web traffic, is monitored for the user's email address. If the user's email address is found, the domain name of the server to which the packet is being sent is added to the white list. Thus, the user is not required to actively edit a list of addresses from which the user will accept email messages. Of course, the user may also manually edit this list to add or remove email addresses and domain names from the list.
It is important to note that while the present invention has been described in the context of a fully functioning data processing system, those of ordinary skill in the art will appreciate that the processes of the present invention are capable of being distributed in the form of a computer readable medium of instructions and a variety of forms and that the present invention applies equally regardless of the particular type of signal bearing media actually used to carry out the distribution. Examples of computer readable media include recordable-type media, such as a floppy disk, a hard disk drive, a RAM, CD-ROMs, DVD-ROMs, and transmission-type media, such as digital and analog communications links, wired or wireless communications links using transmission forms, such as, for example, radio frequency and light wave transmissions. The computer readable media may take the form of coded formats that are decoded for actual use in a particular data processing system.
The description of the present invention has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the invention in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art. The embodiment was chosen and described in order to best explain the principles of the invention, the practical application, and to enable others of ordinary skill in the art to understand the invention for various embodiments with various modifications as are suited to the particular use contemplated.
|Cited Patent||Filing date||Publication date||Applicant||Title|
|US6052709||Dec 23, 1997||Apr 18, 2000||Bright Light Technologies, Inc.||Apparatus and method for controlling delivery of unsolicited electronic mail|
|US6249805||Aug 12, 1997||Jun 19, 2001||Micron Electronics, Inc.||Method and system for filtering unauthorized electronic mail messages|
|US6321267||Nov 23, 1999||Nov 20, 2001||Escom Corporation||Method and apparatus for filtering junk email|
|US6330590||Jan 5, 1999||Dec 11, 2001||William D. Cotten||Preventing delivery of unwanted bulk e-mail|
|US6421709||Jul 7, 1999||Jul 16, 2002||Accepted Marketing, Inc.||E-mail filter and method thereof|
|US6453327||Jun 10, 1996||Sep 17, 2002||Sun Microsystems, Inc.||Method and apparatus for identifying and discarding junk electronic mail|
|US7096498||Feb 7, 2003||Aug 22, 2006||Cipher Trust, Inc.||Systems and methods for message threat management|
|US7149801||Nov 8, 2002||Dec 12, 2006||Microsoft Corporation||Memory bound functions for spam deterrence and the like|
|US7213260||Feb 24, 2003||May 1, 2007||Secure Computing Corporation||Systems and methods for upstream threat pushback|
|US7225466||Mar 24, 2006||May 29, 2007||Secure Computing Corporation||Systems and methods for message threat management|
|US7249175||Apr 12, 2000||Jul 24, 2007||Escom Corporation||Method and system for blocking e-mail having a nonexistent sender address|
|US7320020||Apr 17, 2003||Jan 15, 2008||The Go Daddy Group, Inc.||Mail server probability spam filter|
|US7454467 *||May 22, 2003||Nov 18, 2008||International Business Machines Corporation||Method for managing email messages|
|US7472163 *||Dec 30, 2002||Dec 30, 2008||Aol Llc||Bulk message identification|
|US7487262 *||Nov 18, 2002||Feb 3, 2009||At & T Mobility Ii, Llc||Methods and systems for routing messages through a communications network based on message content|
|US20020078371||Aug 15, 2001||Jun 20, 2002||Sun Microsystems, Inc.||User Access system using proxies for accessing a network|
|US20030172167||Mar 6, 2003||Sep 11, 2003||Paul Judge||Systems and methods for secure communication delivery|
|US20030172291||Feb 7, 2003||Sep 11, 2003||Paul Judge||Systems and methods for automated whitelisting in monitored communications|
|US20030172292||Feb 7, 2003||Sep 11, 2003||Paul Judge||Systems and methods for message threat management|
|US20030172294||Feb 24, 2003||Sep 11, 2003||Paul Judge||Systems and methods for upstream threat pushback|
|US20040083388||Jan 24, 2003||Apr 29, 2004||Nguyen The Vinh||Method and apparatus for monitoring data packets in a packet-switched network|
|US20040210640||Apr 17, 2003||Oct 21, 2004||Chadwick Michael Christopher||Mail server probability spam filter|
|U.S. Classification||709/206, 709/245|
|International Classification||G06F15/16, H04L12/58|
|Cooperative Classification||H04L51/28, H04L51/12|
|European Classification||H04L51/12, H04L12/58F|
|May 10, 2013||REMI||Maintenance fee reminder mailed|
|Jul 30, 2013||FPAY||Fee payment|
Year of fee payment: 4
|Jul 30, 2013||SULP||Surcharge for late payment|
|Jan 13, 2017||FPAY||Fee payment|
Year of fee payment: 8